- HTX fulfilled its promise to pay a 5% white hat bonus to the hacker
- The compromised wallet was identified as one of HTX’s hot wallets
Cryptocurrency exchange HTX, formerly known as Huobi, has successfully recovered the crypto assets that were stolen by a hacker in late September. In a notable turn of events, HTX has also fulfilled its promise to pay a 5% white hat bonus to the hacker after regaining control of the looted funds.
The security breach occurred on September 25 when a vulnerability in HTX’s system allowed a hacker to drain 5,000 ETH from one of the exchange’s hot wallets. At the time, this amounted to approximately $8 million. Swift action was taken by the crypto company, which not only identified the attacker but also reached out to them.
In a bid to resolve the situation amicably, HTX offered a 5% bounty, equivalent to around $400,000, to the hacker. They also proposed not pursuing any legal action if 95% of the stolen funds were returned by a specified deadline of October 2, 2023.
However, the clock was ticking, and the seven-day ultimatum came to an end on October 2. But then, on Saturday, October 7, Justin Sun, an adviser to HTX, confirmed via a post on social media platform X (formerly Twitter) that the exchange had successfully retrieved the entire sum that was stolen by the hacker. Furthermore, HTX honored its commitment by paying the hacker a white hat reward of 250 ETH, which was approximately valued at $410,000, in line with the initial agreement.
In his post, Sun expressed gratitude for the unwavering support of the exchange’s users and the wider crypto community, emphasizing that safeguarding blockchain security and user assets remains a challenging but essential task. He reaffirmed that HTX is steadfast in its commitment to providing robust security measures for user assets.
Notably, the compromised wallet was identified as one of HTX’s hot wallets, which had received approximately $500 million in deposits from Binance since its creation in March, according to data from Arkham.
The incident highlights the persistent challenges posed by cybersecurity threats in the cryptocurrency space. Recent data from blockchain security firm Certik revealed that in September 2023, approximately $332 million worth of crypto assets were stolen through various means, including exploits, exit scams, and flash attacks. Exploits accounted for over 98% of this total, with less than $2.5 million attributed to rug pulls and flash loan attacks.
This incident follows a similar breach in which Hong Kong-based crypto company Mixin reported a theft of approximately $200 million by hackers.